Copyright © cs-tutorial.

com

1
What is Security....?
Security means protecting information and
information systems from unauthorized
access, use, disclosure, disruption,
modification, or destruction.

2
Security in Distributed Systems
Security is by no means the least important principle of
distributed system.

Infact, it is one of the most difficult principles as security

needs to be pervasive throughout a system.

A single design flaw with respect to security may render

all security measures useless.

3
Security in distributed systems can roughly
be divided into two parts:-
1. One part concerns the communication
between users or processes, possibly
residing on different machines.

2. Authorization, which deals with ensuring

that a process gets only those access rights
to the resources in a distributed system of
which it is entitled to.

4
 Attacks, Services and
Mechanisms
Security Attack: Any action that compromises the
security of information.
Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
Security Service: A service that enhances the
security of data processing systems and
information transfers. A security service makes
use of one or more security mechanisms.

5
Security Attacks

6
Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity.
 In fabrication an unauthorized party counterfeits an
asset.
 Example:- an intruder may add records to an

existing database.

7
Security Goals
Confidentiality

Integrity
Avaliability

8
• Confidentiality:ability to ensure that
messages and data are available only to
those authorized to view them.
– Encryption is used to achieve
confidentiality.

• Integrity: ability to ensure that

information being displayed on a Web site
or transmitted/received over the Internet
has not been altered in any way by an
unauthorized party.
– A Digital signature is commonly used to
ensure data integrity.
9
• Authenticity: ability to identify the identity
of a person or entity with whom you are
dealing on the Internet.
– Digital Certificate is employed to satisfy
the authentication requirement.

Nonrepudiation: ability to ensure that e-

commerce participants do not deny
(repudiate) online actions.

10
Cryptography
It is the art and science of achieving security
by encoding messages to make them non-
readable.

Fundamental to security in distributed

systems is the use of cryptographic
techniques.

11
Encryption
Encryption: The process of transforming
plain text or data into cipher text that
cannot be read by anyone other than the
sender and receiver
Purpose:
 Secure stored information
 Secure information transmission
Provides:
 Message integrity
 Nonrepudiation
 Authentication
 Confidentiality
12
 plaintext
cryptography

encryption decryption

ciphertext
fubswrjudskb

13
Symmetric Key Encryption
Also known as secret key encryption.
Both the sender and receiver use the same
digital key to encrypt and decrypt message
Requires a different set of keys for each
transaction.
Data Encryption Standard (DES): Most widely
used symmetric key encryption today; uses 56-
bit encryption key; other types use 128-bit keys
up through 2048 bits.

14
Symmetric Key Cryptography
plaintext
cryptography

encryption decryption

ciphertext
INTELLIGENCE
INTELLIGENCE PROBLEM (WWII):
fubswrjudskbPROBLEM (WWII):
Alice
Alicewants
wantstotosend
sendaacrypted
cryptedmessage
messageto
toBob.
Bob.
They
Theyneed
needto
toshare
sharethe
thesame
samekey.
key.
Alice
Alicecreated
createdaakey,
key,but
buthow
howto
tolet
letBob
Bobknow
knowit?
it?
15
KEY MAY BE INTERCEPTED!!!

16
The Key Distribution Problem
• In general, there are two ways to pass a
shared symmetric key between customer and
merchant (M) :-
1. First, customer X can obtain the shared
symmetric key from M’s physical office.
2. Merchant and customer can obtain the shared
symmetric key from a trusted party (key
distribution centre) through a secure channel.
– After establishing the first shared secret key,
the merchant and the customer can also
change the secret key regularly by encrypting
the new key with the old key.

17
Symmetric Key Encryption
Algorithm
Data Encryption Standard (DES):-
encrypts 64-bit data blocks through many
stages of transposition and substitution
techniques, using a 56-bit encryption key.

IDEA (International Data Encryption

Algorithm) :- encrypts 64-bit data blocks
with a 128-bit key.

18
Public Key Encryption
• Uses two mathematically related digital keys –
public key (widely disseminated) and private key
(kept secret by owner).

• Both keys are used to encrypt and decrypt message.

• Once key is used to encrypt message, same key

cannot be used to decrypt message.

• For example, sender uses recipient’s public key to

encrypt message; recipient uses his/her private key
to decrypt it.

19
 plaintext
cryptography

encryption decryption

public private
key ciphertext key
fubswrjudskb

Asymmetrical Cryptography

20
Asymmetrical Cryptography makes it possible
to use separate keys for encryption and
decryption.

To exchange messages:

- use public key to encrypt
- use private key to decrypt

21
Public Key Cryptography
1. Bob creates a pair
of different keys

DECRYPTION
KEY
2. Bob sends one of the keys to Alice
ENCRYPTION
KEY

4. But only Bob has

the decryption key!

3. Everyone can get Bob’s public

key and use it to encrypt a message

22
Public Key Cryptography – A Simple Case

23
 plaintext
cryptography

encryption decryption

public private
key ciphertext key
fubswrjudskb

Electronic Signature

24
Asymmetrical Cryptography makes it possible
to use separate keys for encryption and
decryption.

To exchange messages:

- use public key to encrypt
- use private key to decrypt
To use electronic signature:
- use private key to encrypt
- use public key to decrypt

25
One application of cryptography in distributed
systems is the use of hash functions.

Hashing is the transformation of a string of

characters into a usually shorter fixed-length
value or key that represents the original string.

A hash function H takes a message m of

arbitrary length as input and produces a fixed
size value h called message digest (MD).

26
 Message Hash Function Message digest

• MD is a fixed length (128 or 160 bit) summary of message

• One way: message cannot be recovered from MD

27
Requirements of a Message Digest
Given a message, it should be very easy to find
its corresponding message digest.

Given a message digest, it should be very

difficult to find the original message for which
the digest was created.

Given any two messages, if we calculate their

message digests, the two message digests must
be different.
28
To sign a document, sender’s software
will crunch down the message into just a
few lines by a process called "hashing".

 These few lines are called a message

digest. (It is not possible to change a
message digest back into the original data
from which it was created.)

Sender then encrypts the message digest

with his private key. The result is the
digital signature. 29
Digital Signatures
Digital signatures are one of the most
important inventions of modern cryptography.

A digital signature is a type of asymmetric

cryptography used to simulate the security
properties of a handwritten signature on paper.

Digital signature schemes uses two keys, one

for signing which involves the user's secret or
private key, and one for verifying signatures
which involves the user's public key. The output
of the signature process is called the "digital
signature." 30
Digital signatures serves the purpose of validation
and authentication of electronic documents.

Validation refers to the process of certifying the

contents of the document, while authentication
refers to the process of certifying the sender of the
document.

The main difference from a handwritten signature is

that digital signature of a message is intimately
connected with the message, and for different
messages is different, whereas the handwritten
signature is adjoined to the message and always
looks the same. 31
Digital Signatures are computed based on the
message that need to be signed and some
private information held only by the sender.

In practice for creating digital signature,

instead of using the whole message, a hash
function is applied to the message to obtain
the message digest which is encrypted with
the creator’s private key.

32
 Encrypt with
Message Digest Sender’s Private Key Digital Signature

33
Digital Signatures

34
Digital Certificates

35
Conclusion
Security plays an extremely important role in
distributed systems.

A distributed system should provide the

mechanisms that allow a variety of different
security policies to be enforced.

36
37